Does diversity matter in cyber?

Welcome to the CISO Perspectives Weekly Briefing, where we break down this week’s conversation, providing insights into relevant research and information to help you further understand the topics discussed.

At 600 words, this briefing is about a 4-minute read.

Diversity in cyber.

Diversity has become a hot-button issue, often stirring debate and division. With more people concerned about the detriments of diversity, many have forgotten the reasons why these initiatives were brought about in the first place. 

However, before discussing the merits of diversity, it is critical to understand what diversity currently looks like in the cybersecurity workplace.

According to reports from 2021 to 2023, they found the following:

• 20% to 25% of the cybersecurity industry is made up of women.
• Minorities account for only 26% of all cybersecurity employees.
• 9% of the workforce is Black.
• 8% of the workforce is Asian.
• 4% of the workforce is Hispanic.

These figures highlight a stark contrast, not just within cybersecurity, but also when compared to other major industries, like healthcare. For example, the following stats were found:

• 37% of practicing doctors were women.
• 18% of physicians were Asian.
• 9% of physicians were Hispanic.
• 5% of physicians were Black.

While not every surveyed demographic was higher than those in cybersecurity, the difference is clear. Despite some arguing that workforce diversity is a secondary concern in more technical fields, research demonstrates that investing in more diverse teams produces tangible benefits.

Why diversity matters.

Cultivating and developing diverse teams has tangible benefits for an organization. For example, research supports the following conclusions:

• Diverse teams avoid more errors.
• Diverse companies generate higher profits.

Regarding making fewer errors, research has found that diverse teams account for more outcomes and oversights are less likely. For example, in a study published by the Journal of Personality and Social Psychology, they found that in cases where mock jury panels were more diverse, these panels:

• Raised more facts related to the case than homogenous panels.
• Made fewer factual errors while discussing available evidence.
• When errors did occur, they were more likely to be corrected.

Outside of these findings, research also supports the idea that diverse teams are more innovative. In a study, published in Innovation: Management, Policy & Practice, the authors analyzed various levels of gender diversity in over 4,000 research and development teams from Spain. The authors concluded that companies and teams with more women were more likely to introduce radical innovations into the market over two years than those with less diverse teams. 

These findings were also supported by another study, published by Economic Geography. This study concluded that increased diversity contributed to greater innovation. In their study, the authors pooled data from over 7,000 firms and questioned them on their performance. From their findings, the authors found that businesses run by more culturally diverse leadership resulted in teams being more likely to develop new products.

Regarding greater financial value, a 2015 McKinsey report, which surveyed 366 public companies, found that those who had greater diversity in both ethnicity and gender had higher likelihoods of greater returns. The report found that companies in the top quartile for ethnic diversity in management were 35% more likely to have financial returns above the industry mean and those in the top quartile for gender diversity were 15% more likely to have returns above the industry mean.

Given that cybersecurity relies on adaptability, innovation, and accuracy, building diverse teams is not just good ethics, it is smart business. Cyber leaders should view diversity as a strategic advantage, rather than a checkbox or a divisive talking point.